
I am a newbie programmer using VS2010 and coding in VB. I have a Windows Forms application that parses multiple XML files and stores the data in a single table in SQL Server 08. The app parses the XML with no problems; however, my issue is that when my INSERT query runs, it halts when it comes across a field that contains a single quote (i.e. CustomerName containing the string "O'Leary, John"). Since the listview populates just fine with the single quotes left intact, I am assuming that the source of my problem is with my actual INSERT SQL query. I have attempted to double the single quotes in order to escape them, but in doing so my query won't even execute and instead gives me an error message. Can anyone suggest a method for effectively escaping (or replacing) the single quotes in this string so that the data will write to my table? Keep in mind that I am parsing several thousand XML files using this app, so going into each XML file individually and 'correcting' the problematic string is not an option. Here is a sample of my code which is taking the data from my listview and attempting to load it into my table:

    ' The cell text is spliced straight into the SQL string, so any single quote
    ' in a value (e.g. "O'Leary, John") ends the literal early and breaks the statement.
    query1.CommandText = "INSERT INTO Cust_Tbl(CustomerID,CustomerName,SaleDate) " & _
                         "VALUES ('" & lvitem.SubItems(0).Text & "','" & _
                         lvitem.SubItems(1).Text & "','" & lvitem.SubItems(2).Text & "')"
    query1.ExecuteNonQuery()

1 Answer


Use parameterized queries; this will a) prevent SQL injection hacks and b) automatically handle apostrophes and command characters.

http://csharp-station.com/Tutorial/AdoDotNet/Lesson06

Although there are many tutorials.

answered 2012-12-10T21:23:38.623
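A parameterized version of the question's INSERT, added here as an example and not taken from the answer or the linked tutorial. The connection string, the column types (int, nvarchar, datetime) and the use of one prepared command for the whole listview are assumptions.

```vb
Imports System.Data
Imports System.Data.SqlClient
Imports System.Windows.Forms

Module CustomerLoader
    ' Assumed connection string; replace with the one for your SQL Server 08 database.
    Private Const ConnStr As String = "Server=.;Database=CustDb;Integrated Security=True"

    ' Inserts one Cust_Tbl row per ListViewItem. Values travel as parameters, so a
    ' name such as "O'Leary, John" is sent as data and never becomes part of the SQL text.
    Public Function InsertCustomers(items As IEnumerable(Of ListViewItem)) As Integer
        Dim rows As Integer = 0
        Using conn As New SqlConnection(ConnStr)
            conn.Open()
            Using cmd As New SqlCommand( _
                "INSERT INTO Cust_Tbl (CustomerID, CustomerName, SaleDate) " & _
                "VALUES (@CustomerID, @CustomerName, @SaleDate)", conn)

                ' Declare each parameter once with its assumed SQL type; the same
                ' command is then reused for every row instead of rebuilding the text.
                Dim pId As SqlParameter = cmd.Parameters.Add("@CustomerID", SqlDbType.Int)
                Dim pName As SqlParameter = cmd.Parameters.Add("@CustomerName", SqlDbType.NVarChar, 100)
                Dim pDate As SqlParameter = cmd.Parameters.Add("@SaleDate", SqlDbType.DateTime)
                cmd.Prepare()

                For Each item As ListViewItem In items
                    pId.Value = Integer.Parse(item.SubItems(0).Text)
                    pName.Value = item.SubItems(1).Text      ' no quote doubling needed
                    pDate.Value = DateTime.Parse(item.SubItems(2).Text)
                    rows += cmd.ExecuteNonQuery()
                Next
            End Using
        End Using
        Return rows
    End Function
End Module
```

Call it with the items of your listview, e.g. `InsertCustomers(ListView1.Items.Cast(Of ListViewItem)())`, and check that the returned count matches the number of rows you expected to load.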